2167 matches found
[SECURITY] Fedora 39 Update: rubygem-actionview-7.0.7.2-1.fc39
Simple, battle-tested conventions and helpers for building web pages...
[SECURITY] Fedora 39 Update: rubygem-activemodel-7.0.7.2-1.fc39
A toolkit for building modeling frameworks like Active Record. Rich support for attributes, callbacks, validations, serialization, internationalization, and testing...
SUSE-SU-2023:3534-1 Security update for rubygem-rails-html-sanitizer
This update for rubygem-rails-html-sanitizer fixes the following issues: - CVE-2022-23517: Fixed inefficient regular expression that is susceptible to excessive backtracking bsc1206433. - CVE-2022-23518: Fixed XSS via data URIs when used in combination with Loofah bsc1206434. - CVE-2022-23519:...
CVE-2023-38037
An insecure temporary file vulnerability was found in activesupport rubygem. Contents that will be encrypted are written to a temporary file that has the user’s current umask settings, possibly leading to information disclosure by other users on the same system. Mitigation To work around this...
CBL Mariner 2.0 Security Update: rubygem-protocol-http1 (CVE-2023-38697)
The version of rubygem-protocol-http1 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-38697 advisory. - protocol-http1 provides a low-level implementation of the HTTP/1 protocol. RFC 9112 Section...
CVE-2023-38697 affecting package rubygem-protocol-http1 for versions less than 0.15.1-1
CVE-2023-38697 affecting package rubygem-protocol-http1 for versions less than 0.15.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2023-40175
An HTTP request smuggling attack vulnerability was found in Rubygem Puma. This flaw allows an attacker to gain unauthorized access to sensitive data due to an inconsistent interpretation of HTTP requests...
SUSE-SU-2023:3255-1 Security update for rubygem-actionpack-4_2
This update for rubygem-actionpack-42 fixes the following issues: - CVE-2023-28362: Fixed XSS via User Supplied Values to redirectto bsc1213312...
SUSE SLES15 / openSUSE 15 Security Update : rubygem-actionpack-5_1 (SUSE-SU-2023:3229-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3229-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVE...
SUSE-SU-2023:3229-1 Security update for rubygem-actionpack-5_1
This update for rubygem-actionpack-51 fixes the following issues: - CVE-2023-28362: Fixed possible XSS via User Supplied Values to redirectto bsc1213312...
CVE-2023-38697
A flaw was found in the protocol-http1 rubygem package. The protocol-http1 provides a low-level implementation of the HTTP/1 protocol. This behavior can lead to desync when forwarding through multiple HTTP parsers, potentially resulting in HTTP request smuggling and firewall bypassing...
Moderate: Red Hat Security Advisory: Logging Subsystem 5.7.4 - Red Hat OpenShift bug fix and security update
Logging Subsystem 5.7.4 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References...
CVE-2023-36617
A flaw was found in the rubygem URI. The URI parser mishandles invalid URLs that have specific characters, which causes an increase in execution time parsing strings to URI objects. This issue may result in a regular expression denial of service ReDoS...
org.nokogiri:nekohtml vulnerable to Uncontrolled Resource Consumption
Summary The fork of org.cyberneko.html used by Nokogiri Rubygem raises a java.lang.OutOfMemoryError exception when parsing ill-formed HTML markup. Severity The maintainers have evaluated this as High Severity 7.5 CVSS3.1. Mitigation Upgrade to = 1.9.22.noko2. Credit This vulnerability was reporte...
Moderate: Red Hat Security Advisory: Logging Subsystem 5.7.2 - Red Hat OpenShift security update
Logging Subsystem 5.7.2 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the Referenc...
rubygem-rack: denial of service in header parsing
A denial of service vulnerability was found in rubygem-rack in how it parses headers. A carefully crafted input can cause header parsing to take an unexpected amount of time, possibly resulting in a denial of service...
RHEL 8 : pcs (RHSA-2023:3403)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3403 advisory. The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: rubygem-rack: Denial ...
pcs security and bug fix update
An update is available for pcs. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The pcs packages provide a command-line configuration system for the Pacemaker an...
RLSA-2023:2652 Important: pcs security and bug fix update
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: pcs: webpack: Regression of CVE-2023-28154 fixes in the Rocky Linux CVE-2023-2319 rubygem-rack: Denial of service in Multipart MIME parsing CVE-2023-27530 rubygem-rack: denial of...
RLSA-2023:3082 Moderate: pcs security and bug fix update
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: rubygem-rack: Denial of service in Multipart MIME parsing CVE-2023-27530 rubygem-rack: denial of service in header parsing CVE-2023-27539 For more details about the security...